March 2, 2012

Eight top republican senators introduced a bill on Thursday that they say is intended to beef-up the cybersecurity of critical infrastructure using a variety of strategies, from more draconian penalties for cyber-crimes to enhancing channels of communication between government security agencies and private-sector businesses.

The proposed legislation would also mandate that federal contractors report potential cyber-threats to regulators and security agencies.

Spearheaded by national-security hawk Senator John McCain of Arizona, the so-called SECURE IT Act has been presented as a countermeasure to a similar, bipartisan bill that came to the Senate floor last month.

McCain and colleagues have contended that the rival cybersecurity legislation, which is endorsed by Senate Majority Leader Harry Reid, would entail unnecessary federal intrusion into the private sector and would give arbitrary authority to unelected bureaucrats.

“We believe that ensuring our nation´s cybersecurity is critical. We have a bill that would do plenty to meet current challenges,” said Senator McCain in a statement introducing the bill.

Senator Saxby Chambliss of Georgia, McCain´s Republican colleague and fellow supporter of the bill, added that “[m]ore government is seldom a solution to any problem,” reinforcing the claim by the bill´s authors that their version introduces very little new federal regulation.

“Now is not the time for Congress to be adding more government, more regulation, and more debt — especially when it is far from clear that any of it will enhance our security,” said Chambliss in reference to the rival Cybersecurity Act of 2012 introduced last month.

The National Retail Federation (NRF), which represents over 1.6 million retail establishments across all industries, has voiced vehement opposition to both Senate bills.

In an official statement, the NRF´s senior VP of government relations David French stated that both bills “could force retailers to unnecessarily spend millions of dollars on data monitoring services for customers if their databases were hacked.”

“Cybersecurity legislation includes the laudable goal of increasing information sharing between the government and private sector, but the goals underlying the cybersecurity legislation and provisions in data breach notification legislation are fundamentally contradictory,” he continued.

“Juxtaposing these contrasting proposals would place businesses in a precarious position when their systems are attacked by cyber criminals.”

French also noted that many of the NRF´s members had voiced concern that additional federal mandates on Internet security would inevitably lead lawmakers and bureaucrats to tack on endless rows of addendums and provisions — all of which require companies to divert assets away from their core business in order to comply.

As of Thursday, the Senate was simultaneously considering two bills with similar aims. The version supported by Reid aims to enhance the cybersecurity of the country´s infrastructure largely by requiring key industries to upgrade their systems and comply with federally mandated security standards. Its rival bill would attempt the same by introducing harsher penalties for high-tech criminals.

Senator Reid has taken a measured approach to the Republican´s SECURE IT Act, noting that much of its content accorded with its bipartisan counterpart introduced last month, particularly in terms of improving communication channels between the federal government and the private sector.

“I look forward to a debate on the Senate floor that will ensure this bill and other proposals get a fair hearing, and which will allow thorough consideration of amendments to improve the legislation,” said Reid after the introduction of the Republican legislation.

Meanwhile, the House of Representatives is also currently tinkering with its own legislation that would both overlap with and expand upon the Senate versions.